Peter: thank you very much for this review. Brian: thanks for answering Peter’s comments.
I agree with your assessment, and balloted No objection on this document. Francesca From: art <[email protected]> on behalf of Brian Trammell (IETF) <[email protected]> Date: Tuesday, 22 March 2022 at 15:05 To: Peter Saint-Andre <[email protected]> Cc: [email protected] <[email protected]>, [email protected] <[email protected]>, [email protected] <[email protected]>, [email protected] <[email protected]> Subject: Re: [art] Artart last call review of draft-ietf-quic-manageability-14 > On 22 Mar 2022, at 14:58, Peter Saint-Andre <[email protected]> wrote: > > On 3/22/22 6:29 AM, Brian Trammell (IETF) wrote: >> Hi Peter, >> Many thanks for the review! Apologies for the delay in getting back to you >> on this, as this fell through the cracks a bit. The comments here not >> addressed in other changes suggested by other reviews are currently in >> https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-414d42de6e6154f5&q=1&e=6de631a6-fd3a-4c68-ab65-bd365267b9a5&u=https%3A%2F%2Fgithub.com%2Fquicwg%2Fops-drafts%2Fpull%2F462 >> >> <https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-414d42de6e6154f5&q=1&e=6de631a6-fd3a-4c68-ab65-bd365267b9a5&u=https%3A%2F%2Fgithub.com%2Fquicwg%2Fops-drafts%2Fpull%2F462>, >> and will make it into a published copy of the draft soon. >> A couple of points, inline... >>> On 15 Feb 2022, at 00:30, Peter Saint-Andre via Datatracker >>> <[email protected] <mailto:[email protected]>> wrote: >>> >>> Reviewer: Peter Saint-Andre >>> Review result: Ready with Nits >>> >>> ARTART review for draft-ietf-quic-manageability >>> Author: Peter Saint-Andre >>> Date: 2022-02-14 >>> >>> Overall this document is in good shape (in particular, I welcome its >>> neutral, >>> explanatory tone). I have only small comments. >>> >>> In Section 2, the phrase "this document describes version 1 of the QUIC >>> protocol" could be slightly misleading, because presumably the protocol >>> itself >>> is described in the QUIC specifications. I suggest changing "describes" to >>> "addresses". >>> >>> It might be helpful to mention that QUIC-specific terminology (e.g., "spin >>> bit") is defined in the QUIC specifications. >>> >>> Is there a difference between "long packet headers" and "long header >>> packets"? >>> Both phrases are used. >> There’s a tiny difference — a long packet header is the header itself, and a >> long header packet is a packet containing a long header. I’ve reviewed the >> uses in the document and I think, stylistically, we’re using each >> appropriately everywhere. > > Would it make sense to describe this in the text or, perhaps, to hyphenate > "long-header packet"? (I think the latter is good.) I like the hyphenation fix; I’ll make that change. >>> The phrase "cryptographically obfuscated" (used in Section 2.1 and >>> elsewhere) >>> is strange. Typically, to obfuscate something means to make it obscure, >>> unclear, or unintelligible; this verges on "security by obscurity". It >>> would be >>> more accurate to say that constructs like the packet number and key phase >>> are >>> cryptographically protected or, even better, that the QUIC protocol ensures >>> data confidentiality (e.g., as that term is defined in RFC 4949). > > I think you missed some instances in your edits: > > Retry (Section 17.2.5 of [QUIC-TRANSPORT]) and Version Negotiation > (Section 17.2.1 of [QUIC-TRANSPORT]) packets are not encrypted or > obfuscated in any way. For other kinds of packets, version 1 of QUIC > cryptographically obfuscates other information in the packet headers: > > and > > The payload of the Initial packet > is obfuscated using the Initial secret. > > and > > The Server Initial datagram also exposes version number, source and > destination connection IDs in the clear; the payload of the Initial > packet(s) is obfuscated using the Initial secret. > > and > > The packet number length > is defined by the seventh and eight bits of the header as described > in Section 17.2 of [QUIC-TRANSPORT], but is obfuscated as described > in Section 5.4 of [QUIC-TLS]. Ah.. I was trying to fix the clearly-odd construct “cryptographically obfuscated”, although in the first instance I did miss one. The use of “obfuscated” elsewhere is meant to make it clear that, while there are cyptographic operations in use, the secrets are known, so this is really “obfuscated”… However, that detail might not be as relevant here, so “protected” is probably better in all these case. I'lll make that change as well. Thanks, cheers, Brian > >>> Can we provide a citation for the term 5-tuple? >> I couldn’t find a reasonable one here that didn’t come with other baggage, >> so I defined it on the first use instead. > > Yes, I ran into the same baggage problem when I started to look around; > defining it on first use is good. > > Thanks! > > Peter _______________________________________________ art mailing list [email protected] https://www.ietf.org/mailman/listinfo/art
